Disabled Management Policies on Cluster

Let's say I have accidentally disabled the two management policies on my cluster. I know there's a way to regain admin access using a serial connection and CLI, but is it also possible to do the following?

  1. take the passive member offline, reset to factory default, reload it with the existing XML
  2. does the passive member have to rejoin the cluster?
  3. will there be downtime if I regain admin access this way?


    Well, if you would apply your last XML configuration to the device, you would still have no management access. You would need to apply an XML config where the management access is enabled.
    Then you would power off the current master, power on the device you just reloaded with a working configuration and then re-join the other device to the cluster.

    This would give you 1 or 2 minutes of downtime, but why not just use the serial way?

    james.carson Moderator, WatchGuard Representative

    Hi @justanotheruser
    You'd need to be able to access the existing cluster member in order to initiate a cluster discovery -- a defaulted cluster member won't do this itself.

    If you need to regain access to the firewall, I'd suggest using the steps in the KB you mentioned. Any serial rollover cable (including the light blue Cisco ones) will work for this.

    -James Carson
    WatchGuard Customer Support

